As we brace for the very real possibility of a government shutdown, we know that government networks are going to be shut down and employees will have no access to email. We also know that only essential personnel will continue to be able to work. But what does it mean for cyber security?
NextGov says that cyber security brings a new wrinkle to essential government workers:
The lists of essential security personnel drawn up 15 years ago are irrelevant, computer specialists say. Pinpointing essential information technology personnel today is more important than ever, they note, because many crucial activities have moved online at agencies, notably at the Social Security Administration and Treasury Department.
The article goes on to say that each department is to have a plan in place that identifies critical systems and personnel:
The last time around, the Office of Management and Budget began issuing guidance on winding down operations the previous August. OMB officials on Monday said they have not released new guidance but OMB Circular No. A-11, which addresses funding hiatuses, remains in effect. The memo was last updated July 2010.
If security isn’t considered critical, then what is? Fast Company notes that departments could scramble to decide what systems are essential for continued security, but there is an obstacle:
The federal government works at the speed of bureaucracy.
Implementing lists of last-minute essential personnel to stay on staff during a shutdown requires considerable office jujitsu and cross-agency coordination. [T]here is a strong likelihood of a lapse in the federal government’s network security infrastructure.